@the-ai-company/cbio-node-runtime 1.63.7 → 1.64.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +11 -5
- package/dist/clients/agent/client.d.ts +2 -2
- package/dist/clients/agent/client.js +46 -49
- package/dist/clients/agent/client.js.map +1 -1
- package/dist/clients/agent/contracts.d.ts +5 -5
- package/dist/clients/owner/client.js +209 -195
- package/dist/clients/owner/client.js.map +1 -1
- package/dist/clients/owner/contracts.d.ts +47 -48
- package/dist/protocol/childSecretNaming.d.ts +1 -1
- package/dist/protocol/childSecretNaming.js +2 -2
- package/dist/protocol/childSecretNaming.js.map +1 -1
- package/dist/protocol/crypto.d.ts +4 -4
- package/dist/protocol/crypto.js +14 -14
- package/dist/protocol/crypto.js.map +1 -1
- package/dist/protocol/identity.d.ts +2 -2
- package/dist/protocol/identity.js +4 -4
- package/dist/protocol/identity.js.map +1 -1
- package/dist/public-types.d.ts +1 -1
- package/dist/public-types.js +1 -1
- package/dist/public-types.js.map +1 -1
- package/dist/runtime/bootstrap.d.ts +6 -6
- package/dist/runtime/bootstrap.js +26 -26
- package/dist/runtime/bootstrap.js.map +1 -1
- package/dist/runtime/identity.d.ts +6 -6
- package/dist/runtime/identity.js +14 -12
- package/dist/runtime/identity.js.map +1 -1
- package/dist/runtime/index.d.ts +1 -1
- package/dist/runtime/index.js +1 -1
- package/dist/runtime/index.js.map +1 -1
- package/dist/runtime/owner-session.d.ts +1 -5
- package/dist/runtime/owner-session.js +4 -5
- package/dist/runtime/owner-session.js.map +1 -1
- package/dist/runtime/vault-metadata.d.ts +2 -2
- package/dist/runtime/vault-metadata.js +2 -2
- package/dist/runtime/vault-metadata.js.map +1 -1
- package/dist/vault-core/contracts.d.ts +235 -238
- package/dist/vault-core/contracts.js +25 -34
- package/dist/vault-core/contracts.js.map +1 -1
- package/dist/vault-core/core.d.ts +41 -42
- package/dist/vault-core/core.js +251 -274
- package/dist/vault-core/core.js.map +1 -1
- package/dist/vault-core/defaults.d.ts +25 -25
- package/dist/vault-core/defaults.js +95 -95
- package/dist/vault-core/defaults.js.map +1 -1
- package/dist/vault-core/errors.d.ts +1 -1
- package/dist/vault-core/errors.js.map +1 -1
- package/dist/vault-core/index.d.ts +2 -2
- package/dist/vault-core/index.js +2 -2
- package/dist/vault-core/index.js.map +1 -1
- package/dist/vault-core/persistence.d.ts +19 -19
- package/dist/vault-core/persistence.js +78 -67
- package/dist/vault-core/persistence.js.map +1 -1
- package/dist/vault-core/ports.d.ts +23 -23
- package/dist/vault-core/tool-metadata.js +6 -6
- package/dist/vault-core/tool-metadata.js.map +1 -1
- package/dist/vault-ingress/defaults.d.ts +2 -2
- package/dist/vault-ingress/defaults.js +10 -10
- package/dist/vault-ingress/defaults.js.map +1 -1
- package/dist/vault-ingress/index.d.ts +46 -47
- package/dist/vault-ingress/index.js +34 -37
- package/dist/vault-ingress/index.js.map +1 -1
- package/dist/vault-ingress/remote-transport.d.ts +2 -2
- package/dist/vault-ingress/remote-transport.js +27 -27
- package/dist/vault-ingress/remote-transport.js.map +1 -1
- package/docs/ARCHITECTURE.md +1 -1
- package/docs/CUSTODY_MODEL.md +3 -3
- package/docs/IDENTITY_MODEL.md +4 -4
- package/docs/REFERENCE.md +27 -2
- package/docs/api/README.md +3 -4
- package/docs/api/classes/IdentityError.md +1 -1
- package/docs/api/classes/OwnerClientError.md +1 -1
- package/docs/api/classes/PersistentVaultAgentIdentityRegistry.md +6 -6
- package/docs/api/classes/PersistentVaultAgentSecretGrantRegistry.md +12 -12
- package/docs/api/classes/PersistentVaultAuditLog.md +1 -1
- package/docs/api/classes/PersistentVaultSecretCustody.md +7 -7
- package/docs/api/classes/PersistentVaultSecretDestinationGrantRegistry.md +12 -12
- package/docs/api/classes/PersistentVaultSecretRepository.md +7 -7
- package/docs/api/classes/VaultCore.md +53 -69
- package/docs/api/classes/VaultCoreError.md +1 -1
- package/docs/api/enumerations/AuditOperation.md +137 -0
- package/docs/api/enumerations/DispatchStatus.md +1 -1
- package/docs/api/enumerations/IdentityErrorCode.md +1 -1
- package/docs/api/enumerations/OwnerClientErrorCode.md +1 -1
- package/docs/api/functions/createAgentClient.md +1 -1
- package/docs/api/functions/createIdentity.md +2 -2
- package/docs/api/functions/createOwnerClient.md +1 -1
- package/docs/api/functions/createOwnerSession.md +1 -1
- package/docs/api/functions/createPersistentVaultCoreDependencies.md +3 -3
- package/docs/api/functions/createVault.md +1 -1
- package/docs/api/functions/createVaultCore.md +1 -1
- package/docs/api/functions/createVaultCoreDependencies.md +1 -1
- package/docs/api/functions/createVaultService.md +1 -1
- package/docs/api/functions/createWorkspaceStorage.md +1 -1
- package/docs/api/functions/deriveRootAgentId.md +3 -3
- package/docs/api/functions/deriveVaultWorkingKeyFromPassword.md +4 -4
- package/docs/api/functions/getDefaultWorkspaceDir.md +1 -1
- package/docs/api/functions/handleVaultAgentControlHttp.md +1 -1
- package/docs/api/functions/handleVaultHttpDispatch.md +1 -1
- package/docs/api/functions/initializeVaultCustody.md +1 -1
- package/docs/api/functions/listVaults.md +1 -1
- package/docs/api/functions/readVaultProfile.md +3 -3
- package/docs/api/functions/recoverVault.md +4 -4
- package/docs/api/functions/recoverVaultWorkingKey.md +1 -1
- package/docs/api/functions/restoreIdentity.md +3 -3
- package/docs/api/functions/updateVaultMetadata.md +1 -1
- package/docs/api/functions/writeVaultProfile.md +3 -3
- package/docs/api/interfaces/AgentClient.md +3 -3
- package/docs/api/interfaces/AgentDispatchIntent.md +7 -7
- package/docs/api/interfaces/AgentDispatchTransport.md +1 -1
- package/docs/api/interfaces/AgentIdentity.md +3 -3
- package/docs/api/interfaces/AgentIdentityRecord.md +11 -11
- package/docs/api/interfaces/AgentRequestResult.md +9 -9
- package/docs/api/interfaces/AgentRuntimeManifest.md +13 -13
- package/docs/api/interfaces/AgentSecretGrant.md +11 -11
- package/docs/api/interfaces/AgentSigner.md +1 -1
- package/docs/api/interfaces/AgentVisibleRequestRecord.md +13 -13
- package/docs/api/interfaces/AgentVisibleSecretRecord.md +13 -13
- package/docs/api/interfaces/AuditEntry.md +45 -25
- package/docs/api/interfaces/CbioRuntime.md +10 -10
- package/docs/api/interfaces/CreateAgentClientOptions.md +1 -1
- package/docs/api/interfaces/CreateIdentityOptions.md +1 -1
- package/docs/api/interfaces/CreateOwnerClientOptions.md +3 -13
- package/docs/api/interfaces/CreateOwnerSessionOptions.md +4 -10
- package/docs/api/interfaces/CreatePersistentVaultCoreDependenciesOptions.md +3 -3
- package/docs/api/interfaces/CreateVaultOptions.md +2 -2
- package/docs/api/interfaces/CreatedVault.md +1 -1
- package/docs/api/interfaces/DefaultPolicyEngineOptions.md +9 -9
- package/docs/api/interfaces/DispatchAuthorization.md +11 -11
- package/docs/api/interfaces/DispatchInstruction.md +9 -9
- package/docs/api/interfaces/DispatchRequest.md +11 -11
- package/docs/api/interfaces/DispatchResult.md +11 -11
- package/docs/api/interfaces/IStorageProvider.md +1 -1
- package/docs/api/interfaces/InitializeVaultCustodyOptions.md +1 -1
- package/docs/api/interfaces/InitializedVaultCustody.md +1 -1
- package/docs/api/interfaces/OwnerAgentProvisionResult.md +3 -3
- package/docs/api/interfaces/OwnerClient.md +43 -11
- package/docs/api/interfaces/OwnerCreateSecretInput.md +3 -3
- package/docs/api/interfaces/OwnerRemoveSecretInput.md +3 -3
- package/docs/api/interfaces/OwnerRequestRecord.md +19 -19
- package/docs/api/interfaces/OwnerSensitiveActionConfirmation.md +1 -1
- package/docs/api/interfaces/OwnerSensitiveActionContext.md +1 -1
- package/docs/api/interfaces/OwnerSession.md +3 -3
- package/docs/api/interfaces/OwnerUpdateSecretInput.md +3 -3
- package/docs/api/interfaces/OwnerVisibleRequestRecord.md +21 -21
- package/docs/api/interfaces/RecoverVaultOptions.md +4 -4
- package/docs/api/interfaces/RecoveredVault.md +1 -1
- package/docs/api/interfaces/RequestRecord.md +19 -19
- package/docs/api/interfaces/RestoreIdentityOptions.md +1 -1
- package/docs/api/interfaces/SecretAlias.md +1 -1
- package/docs/api/interfaces/SecretDestinationGrant.md +11 -11
- package/docs/api/interfaces/SecretId.md +1 -1
- package/docs/api/interfaces/SecretRecord.md +13 -13
- package/docs/api/interfaces/Signer.md +1 -1
- package/docs/api/interfaces/VaultApproveDispatchInput.md +5 -5
- package/docs/api/interfaces/VaultAuditQueryInput.md +7 -7
- package/docs/api/interfaces/VaultCoreDependenciesOptions.md +5 -5
- package/docs/api/interfaces/VaultCreateAgentInput.md +3 -3
- package/docs/api/interfaces/VaultExportSecretInput.md +3 -3
- package/docs/api/interfaces/VaultGetRequestInput.md +5 -5
- package/docs/api/interfaces/VaultGrantAgentSecretInput.md +7 -7
- package/docs/api/interfaces/VaultGrantSecretDestinationInput.md +7 -7
- package/docs/api/interfaces/VaultId.md +1 -1
- package/docs/api/interfaces/VaultImportAgentInput.md +5 -5
- package/docs/api/interfaces/VaultIssueSessionTokenInput.md +5 -5
- package/docs/api/interfaces/VaultListAgentsInput.md +3 -3
- package/docs/api/interfaces/VaultListGrantsInput.md +7 -7
- package/docs/api/interfaces/VaultListRequestsInput.md +5 -5
- package/docs/api/interfaces/VaultListSecretsInput.md +3 -3
- package/docs/api/interfaces/VaultMetadata.md +1 -1
- package/docs/api/interfaces/VaultObject.md +1 -1
- package/docs/api/interfaces/VaultPrincipal.md +1 -1
- package/docs/api/interfaces/VaultProfile.md +1 -1
- package/docs/api/interfaces/VaultReadAgentPrivateKeyInput.md +5 -5
- package/docs/api/interfaces/VaultReadSecretPlaintextInput.md +3 -3
- package/docs/api/interfaces/VaultRevokeAgentSecretInput.md +7 -7
- package/docs/api/interfaces/VaultRevokeSecretDestinationInput.md +7 -7
- package/docs/api/interfaces/VaultRevokeSessionTokenInput.md +1 -1
- package/docs/api/interfaces/VaultService.md +8 -24
- package/docs/api/interfaces/VaultUpdateAgentInput.md +5 -5
- package/docs/api/type-aliases/AgentId.md +1 -1
- package/docs/api/type-aliases/CbioRuntimeModule.md +1 -1
- package/docs/api/type-aliases/DispatchApprovalDecision.md +1 -1
- package/docs/api/type-aliases/GrantStatus.md +1 -1
- package/docs/api/type-aliases/SecretLifecycleStatus.md +1 -1
- package/docs/api/type-aliases/VaultPrincipalKind.md +1 -1
- package/docs/api/variables/DEFAULT_VAULT_KEY_CUSTODY_BLOB_KEY.md +1 -1
- package/docs/zh/README.md +9 -3
- package/examples/process-isolation.ts +21 -21
- package/package.json +2 -2
- package/docs/api/enumerations/AuditAction.md +0 -143
- package/docs/api/enumerations/AuditOutcome.md +0 -35
|
@@ -3,13 +3,13 @@ export type RedactedResponseShape = null | string | number | boolean | RedactedR
|
|
|
3
3
|
[key: string]: RedactedResponseShape;
|
|
4
4
|
};
|
|
5
5
|
export interface VaultAgentDispatchRequest {
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
6
|
+
vault_id: string;
|
|
7
|
+
request_id: string;
|
|
8
|
+
requested_at: string;
|
|
9
|
+
root_agent_id: string;
|
|
10
10
|
reason: string;
|
|
11
|
-
|
|
12
|
-
|
|
11
|
+
secret_alias?: string;
|
|
12
|
+
target_url: string;
|
|
13
13
|
method: string;
|
|
14
14
|
headers?: Record<string, string>;
|
|
15
15
|
body?: string;
|
|
@@ -35,32 +35,32 @@ export interface VaultAgentControlProof {
|
|
|
35
35
|
}
|
|
36
36
|
export type VaultAgentControlRequest = {
|
|
37
37
|
action: "list_secrets";
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
38
|
+
vault_id: string;
|
|
39
|
+
request_id: string;
|
|
40
|
+
requested_at: string;
|
|
41
|
+
root_agent_id: string;
|
|
42
42
|
proof: VaultAgentControlProof;
|
|
43
43
|
} | {
|
|
44
44
|
action: "list_requests";
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
45
|
+
vault_id: string;
|
|
46
|
+
request_id: string;
|
|
47
|
+
requested_at: string;
|
|
48
|
+
root_agent_id: string;
|
|
49
49
|
proof: VaultAgentControlProof;
|
|
50
50
|
} | {
|
|
51
51
|
action: "read_request_result";
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
52
|
+
vault_id: string;
|
|
53
|
+
request_id: string;
|
|
54
|
+
requested_at: string;
|
|
55
|
+
target_request_id: string;
|
|
56
|
+
root_agent_id: string;
|
|
57
57
|
proof: VaultAgentControlProof;
|
|
58
58
|
} | {
|
|
59
59
|
action: "get_manifest";
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
60
|
+
vault_id: string;
|
|
61
|
+
request_id: string;
|
|
62
|
+
requested_at: string;
|
|
63
|
+
root_agent_id: string;
|
|
64
64
|
proof: VaultAgentControlProof;
|
|
65
65
|
};
|
|
66
66
|
export interface VaultAgentControlResponse {
|
|
@@ -76,33 +76,33 @@ export interface VaultAgentControlErrorResponse {
|
|
|
76
76
|
}
|
|
77
77
|
export type VaultOwnerControlRequest = {
|
|
78
78
|
action: "list_agents";
|
|
79
|
-
|
|
80
|
-
|
|
79
|
+
vault_id: string;
|
|
80
|
+
actor_id?: string;
|
|
81
81
|
} | {
|
|
82
82
|
action: "list_requests";
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
83
|
+
vault_id: string;
|
|
84
|
+
actor_id?: string;
|
|
85
|
+
root_agent_id?: string;
|
|
86
86
|
} | {
|
|
87
87
|
action: "get_request";
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
88
|
+
vault_id: string;
|
|
89
|
+
actor_id?: string;
|
|
90
|
+
request_id: string;
|
|
91
91
|
} | {
|
|
92
92
|
action: "list_secrets";
|
|
93
|
-
|
|
94
|
-
|
|
93
|
+
vault_id: string;
|
|
94
|
+
actor_id?: string;
|
|
95
95
|
} | {
|
|
96
96
|
action: "list_grants";
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
97
|
+
vault_id: string;
|
|
98
|
+
actor_id?: string;
|
|
99
|
+
root_agent_id?: string;
|
|
100
|
+
secret_alias?: string;
|
|
101
101
|
} | {
|
|
102
102
|
action: "approve_dispatch";
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
103
|
+
vault_id: string;
|
|
104
|
+
request_id: string;
|
|
105
|
+
actor_id?: string;
|
|
106
106
|
decision: import("../vault-core/index.js").DispatchApprovalDecision;
|
|
107
107
|
};
|
|
108
108
|
export interface VaultOwnerControlResponse {
|
|
@@ -117,37 +117,36 @@ export interface VaultOwnerControlErrorResponse {
|
|
|
117
117
|
};
|
|
118
118
|
}
|
|
119
119
|
export interface VaultService {
|
|
120
|
-
readonly
|
|
120
|
+
readonly vault_id: VaultCore["vault_id"];
|
|
121
121
|
ownerRegisterAgentIdentity(request: OwnerRegisterAgentIdentityCommand): Promise<void>;
|
|
122
122
|
ownerUpdateAgentIdentity(request: import("../vault-core/index.js").OwnerUpdateAgentIdentityCommand): Promise<AgentIdentityRecord>;
|
|
123
123
|
ownerCreateSecret(request: import("../vault-core/index.js").OwnerCreateSecretCommand): Promise<SecretRecord>;
|
|
124
124
|
ownerUpdateSecret(request: import("../vault-core/index.js").OwnerUpdateSecretCommand): Promise<SecretRecord>;
|
|
125
125
|
ownerRemoveSecret(request: import("../vault-core/index.js").OwnerDeleteSecretCommand): Promise<void>;
|
|
126
|
-
ownerWriteSecret(request: import("../vault-core/index.js").VaultWriteSecretCommand): Promise<SecretRecord>;
|
|
127
126
|
ownerReadAudit(request: OwnerAuditRequest): Promise<readonly import("../vault-core/index.js").AuditEntry[]>;
|
|
128
127
|
ownerExportSecret(request: OwnerExportSecretRequest): Promise<OwnerSecretExport>;
|
|
129
128
|
ownerListAgents(request: OwnerListAgentsRequest): Promise<readonly AgentIdentityRecord[]>;
|
|
130
129
|
ownerListRequests(request: import("../vault-core/index.js").OwnerListRequestsRequest): Promise<readonly import("../vault-core/index.js").OwnerVisibleRequestRecord[]>;
|
|
131
130
|
ownerGetRequest(request: import("../vault-core/index.js").OwnerGetRequestRequest): Promise<import("../vault-core/index.js").OwnerRequestRecord>;
|
|
132
131
|
ownerListSecrets(request: {
|
|
133
|
-
|
|
132
|
+
vault_id: VaultId;
|
|
134
133
|
owner: VaultPrincipal;
|
|
135
|
-
|
|
134
|
+
request_id?: string;
|
|
136
135
|
}): Promise<readonly import("../vault-core/index.js").AgentVisibleSecretRecord[]>;
|
|
137
136
|
ownerGrantAgentSecret(request: import("../vault-core/index.js").OwnerGrantAgentSecretCommand): Promise<import("../vault-core/index.js").AgentSecretGrant>;
|
|
138
137
|
ownerGrantSecretDestination(request: import("../vault-core/index.js").OwnerGrantSecretDestinationCommand): Promise<import("../vault-core/index.js").SecretDestinationGrant>;
|
|
139
138
|
ownerRevokeAgentSecret(request: import("../vault-core/index.js").OwnerRevokeAgentSecretCommand): Promise<void>;
|
|
140
139
|
ownerRevokeSecretDestination(request: import("../vault-core/index.js").OwnerRevokeSecretDestinationCommand): Promise<void>;
|
|
141
140
|
ownerListGrants(request: import("../vault-core/index.js").OwnerListGrantsRequest): Promise<{
|
|
142
|
-
|
|
143
|
-
|
|
141
|
+
agent_secrets: readonly import("../vault-core/index.js").AgentSecretGrant[];
|
|
142
|
+
secret_destinations: readonly import("../vault-core/index.js").SecretDestinationGrant[];
|
|
144
143
|
}>;
|
|
145
144
|
ownerIssueSessionToken(request: import("../vault-core/index.js").OwnerIssueSessionTokenRequest): Promise<import("../vault-core/index.js").OwnerSessionToken>;
|
|
146
145
|
ownerIssueAllAgentSessionTokens(actor: VaultPrincipal & {
|
|
147
146
|
kind: "owner";
|
|
148
147
|
}): Promise<import("../vault-core/index.js").OwnerSessionToken[]>;
|
|
149
148
|
ownerRevokeSessionToken(request: {
|
|
150
|
-
|
|
149
|
+
vault_id: VaultId;
|
|
151
150
|
actor: VaultPrincipal & {
|
|
152
151
|
kind: "owner";
|
|
153
152
|
};
|
|
@@ -17,8 +17,8 @@ class LocalVaultService {
|
|
|
17
17
|
this._authority = _authority;
|
|
18
18
|
this._fetchImpl = _fetchImpl;
|
|
19
19
|
}
|
|
20
|
-
get
|
|
21
|
-
return this._authority.
|
|
20
|
+
get vault_id() {
|
|
21
|
+
return this._authority.vault_id;
|
|
22
22
|
}
|
|
23
23
|
ownerRegisterAgentIdentity(request) {
|
|
24
24
|
return this._authority.ownerRegisterAgentIdentity(request);
|
|
@@ -35,9 +35,6 @@ class LocalVaultService {
|
|
|
35
35
|
ownerRemoveSecret(request) {
|
|
36
36
|
return this._authority.ownerRemoveSecret(request);
|
|
37
37
|
}
|
|
38
|
-
ownerWriteSecret(request) {
|
|
39
|
-
return this._authority.ownerWriteSecret(request);
|
|
40
|
-
}
|
|
41
38
|
ownerReadAudit(request) {
|
|
42
39
|
return this._authority.ownerReadAudit(request.actor, request.query);
|
|
43
40
|
}
|
|
@@ -48,28 +45,28 @@ class LocalVaultService {
|
|
|
48
45
|
return this._authority.ownerListAgents(request.actor);
|
|
49
46
|
}
|
|
50
47
|
ownerListRequests(request) {
|
|
51
|
-
return this._authority.ownerListRequests(request.actor, request.
|
|
48
|
+
return this._authority.ownerListRequests(request.actor, request.root_agent_id);
|
|
52
49
|
}
|
|
53
50
|
ownerGetRequest(request) {
|
|
54
|
-
return this._authority.ownerGetRequest(request.actor, request.
|
|
51
|
+
return this._authority.ownerGetRequest(request.actor, request.target_request_id);
|
|
55
52
|
}
|
|
56
53
|
ownerListSecrets(request) {
|
|
57
54
|
return this._authority.ownerListSecrets(request.owner);
|
|
58
55
|
}
|
|
59
56
|
ownerGrantAgentSecret(request) {
|
|
60
|
-
return this._authority.ownerGrantAgentSecret(request.actor, request.
|
|
57
|
+
return this._authority.ownerGrantAgentSecret(request.actor, request.root_agent_id, request.secret_alias, request);
|
|
61
58
|
}
|
|
62
59
|
ownerGrantSecretDestination(request) {
|
|
63
|
-
return this._authority.ownerGrantSecretDestination(request.actor, request.
|
|
60
|
+
return this._authority.ownerGrantSecretDestination(request.actor, request.secret_alias, request.site_id, request);
|
|
64
61
|
}
|
|
65
62
|
ownerRevokeAgentSecret(request) {
|
|
66
|
-
return this._authority.ownerRevokeAgentSecret(request.actor, request.
|
|
63
|
+
return this._authority.ownerRevokeAgentSecret(request.actor, request.root_agent_id, request.secret_alias, request);
|
|
67
64
|
}
|
|
68
65
|
ownerRevokeSecretDestination(request) {
|
|
69
|
-
return this._authority.ownerRevokeSecretDestination(request.actor, request.
|
|
66
|
+
return this._authority.ownerRevokeSecretDestination(request.actor, request.secret_alias, request.site_id, request);
|
|
70
67
|
}
|
|
71
68
|
ownerListGrants(request) {
|
|
72
|
-
return this._authority.ownerListGrants(request.actor, request.
|
|
69
|
+
return this._authority.ownerListGrants(request.actor, request.root_agent_id, request.secret_alias);
|
|
73
70
|
}
|
|
74
71
|
ownerIssueSessionToken(request) {
|
|
75
72
|
return this._authority.ownerIssueSessionToken(request);
|
|
@@ -84,7 +81,7 @@ class LocalVaultService {
|
|
|
84
81
|
return this._authority.agentDispatchSecret(request);
|
|
85
82
|
}
|
|
86
83
|
ownerApproveDispatch(request) {
|
|
87
|
-
return this._authority.ownerApproveDispatch(request.actor, request.
|
|
84
|
+
return this._authority.ownerApproveDispatch(request.actor, request.request_id, request.decision);
|
|
88
85
|
}
|
|
89
86
|
ownerOnPendingDispatch(callback) {
|
|
90
87
|
return this._authority.ownerOnPendingDispatch(callback);
|
|
@@ -104,20 +101,20 @@ class LocalVaultService {
|
|
|
104
101
|
async agentHandleDispatch(request) {
|
|
105
102
|
try {
|
|
106
103
|
const result = await this._authority.agentDispatchSecret({
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
agent: { kind: "agent", id: request.
|
|
104
|
+
vault_id: { value: request.vault_id },
|
|
105
|
+
request_id: request.request_id,
|
|
106
|
+
requested_at: request.requested_at,
|
|
107
|
+
agent: { kind: "agent", id: request.root_agent_id },
|
|
111
108
|
proof: {
|
|
112
|
-
|
|
109
|
+
root_agent_id: request.root_agent_id,
|
|
113
110
|
signature: request.proof.signature,
|
|
114
111
|
token: request.proof.token,
|
|
115
|
-
|
|
116
|
-
|
|
112
|
+
request_id: request.request_id,
|
|
113
|
+
requested_at: request.requested_at,
|
|
117
114
|
},
|
|
118
115
|
reason: request.reason,
|
|
119
|
-
|
|
120
|
-
|
|
116
|
+
secret_alias: request.secret_alias,
|
|
117
|
+
target_url: request.target_url,
|
|
121
118
|
method: request.method,
|
|
122
119
|
headers: request.headers,
|
|
123
120
|
body: request.body,
|
|
@@ -137,16 +134,16 @@ class LocalVaultService {
|
|
|
137
134
|
async agentHandleControl(request) {
|
|
138
135
|
try {
|
|
139
136
|
const base = {
|
|
140
|
-
|
|
141
|
-
|
|
142
|
-
|
|
143
|
-
agent: { kind: "agent", id: request.
|
|
137
|
+
vault_id: { value: request.vault_id },
|
|
138
|
+
request_id: request.request_id,
|
|
139
|
+
requested_at: request.requested_at,
|
|
140
|
+
agent: { kind: "agent", id: request.root_agent_id },
|
|
144
141
|
proof: {
|
|
145
|
-
|
|
142
|
+
root_agent_id: request.root_agent_id,
|
|
146
143
|
signature: request.proof.signature,
|
|
147
144
|
token: request.proof.token,
|
|
148
|
-
|
|
149
|
-
|
|
145
|
+
request_id: request.request_id,
|
|
146
|
+
requested_at: request.requested_at,
|
|
150
147
|
},
|
|
151
148
|
};
|
|
152
149
|
let result;
|
|
@@ -158,7 +155,7 @@ class LocalVaultService {
|
|
|
158
155
|
result = await this.agentListRequests(base);
|
|
159
156
|
break;
|
|
160
157
|
case "read_request_result":
|
|
161
|
-
result = await this.agentGetRequest({ ...base,
|
|
158
|
+
result = await this.agentGetRequest({ ...base, target_request_id: request.target_request_id });
|
|
162
159
|
break;
|
|
163
160
|
case "get_manifest":
|
|
164
161
|
result = await this.agentGetRuntimeManifest(base);
|
|
@@ -172,26 +169,26 @@ class LocalVaultService {
|
|
|
172
169
|
}
|
|
173
170
|
async ownerHandleControl(request) {
|
|
174
171
|
try {
|
|
175
|
-
const actor = { kind: "owner", id: request.
|
|
172
|
+
const actor = { kind: "owner", id: request.actor_id || "owner" };
|
|
176
173
|
let result;
|
|
177
174
|
switch (request.action) {
|
|
178
175
|
case "list_agents":
|
|
179
|
-
result = await this.ownerListAgents({
|
|
176
|
+
result = await this.ownerListAgents({ vault_id: { value: request.vault_id }, actor: { kind: "owner", id: request.actor_id || "owner" }, request_id: "internal", requested_at: new Date().toISOString() });
|
|
180
177
|
break;
|
|
181
178
|
case "list_requests":
|
|
182
|
-
result = await this.ownerListRequests({
|
|
179
|
+
result = await this.ownerListRequests({ vault_id: { value: request.vault_id }, actor: { kind: "owner", id: request.actor_id || "owner" }, root_agent_id: request.root_agent_id, request_id: "internal", requested_at: new Date().toISOString() });
|
|
183
180
|
break;
|
|
184
181
|
case "get_request":
|
|
185
|
-
result = await this.ownerGetRequest({
|
|
182
|
+
result = await this.ownerGetRequest({ vault_id: { value: request.vault_id }, actor: { kind: "owner", id: request.actor_id || "owner" }, target_request_id: request.request_id, request_id: "internal", requested_at: new Date().toISOString() });
|
|
186
183
|
break;
|
|
187
184
|
case "list_secrets":
|
|
188
|
-
result = await this.ownerListSecrets({
|
|
185
|
+
result = await this.ownerListSecrets({ vault_id: { value: request.vault_id }, owner: { kind: "owner", id: request.actor_id || "owner" } });
|
|
189
186
|
break;
|
|
190
187
|
case "list_grants":
|
|
191
|
-
result = await this.ownerListGrants({
|
|
188
|
+
result = await this.ownerListGrants({ vault_id: { value: request.vault_id }, actor: { kind: "owner", id: request.actor_id || "owner" }, root_agent_id: request.root_agent_id, secret_alias: request.secret_alias, request_id: "internal", requested_at: new Date().toISOString() });
|
|
192
189
|
break;
|
|
193
190
|
case "approve_dispatch":
|
|
194
|
-
result = await this.ownerApproveDispatch({
|
|
191
|
+
result = await this.ownerApproveDispatch({ vault_id: { value: request.vault_id }, actor: { kind: "owner", id: request.actor_id || "owner" }, request_id: request.request_id, decision: request.decision, requested_at: new Date().toISOString() });
|
|
195
192
|
break;
|
|
196
193
|
}
|
|
197
194
|
return { ok: true, result };
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/vault-ingress/index.ts"],"names":[],"mappings":"AA4BA,SAAS,wBAAwB,CAAC,KAAc;IAC9C,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;QAC1C,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,wBAAwB,CAAC,KAAK,CAAC,CAAC,CAAC;IAC/D,CAAC;IACD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,OAAO,MAAM,CAAC,WAAW,CACvB,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,EAAE,wBAAwB,CAAC,KAAK,CAAC,CAAC,CAAC,CACpF,CAAC;IACJ,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/vault-ingress/index.ts"],"names":[],"mappings":"AA4BA,SAAS,wBAAwB,CAAC,KAAc;IAC9C,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;QAC1C,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,wBAAwB,CAAC,KAAK,CAAC,CAAC,CAAC;IAC/D,CAAC;IACD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,OAAO,MAAM,CAAC,WAAW,CACvB,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,EAAE,wBAAwB,CAAC,KAAK,CAAC,CAAC,CAAC,CACpF,CAAC;IACJ,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAkID,MAAM,iBAAiB;IAEF;IACA;IAFnB,YACmB,UAAqB,EACrB,aAA2B,KAAK;QADhC,eAAU,GAAV,UAAU,CAAW;QACrB,eAAU,GAAV,UAAU,CAAsB;IAChD,CAAC;IAEJ,IAAI,QAAQ;QACV,OAAO,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC;IAClC,CAAC;IAED,0BAA0B,CAAC,OAA0C;QACnE,OAAO,IAAI,CAAC,UAAU,CAAC,0BAA0B,CAAC,OAAO,CAAC,CAAC;IAC7D,CAAC;IAED,wBAAwB,CAAC,OAAyE;QAChG,OAAO,IAAI,CAAC,UAAU,CAAC,wBAAwB,CAAC,OAAO,CAAC,CAAC;IAC3D,CAAC;IAID,iBAAiB,CAAC,OAAkE;QAClF,OAAO,IAAI,CAAC,UAAU,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC;IACpD,CAAC;IAED,iBAAiB,CAAC,OAAkE;QAClF,OAAO,IAAI,CAAC,UAAU,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC;IACpD,CAAC;IAED,iBAAiB,CAAC,OAAkE;QAClF,OAAO,IAAI,CAAC,UAAU,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC;IACpD,CAAC;IAED,cAAc,CAAC,OAA0B;QACvC,OAAO,IAAI,CAAC,UAAU,CAAC,cAAc,CAAC,OAAO,CAAC,KAAY,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;IAC7E,CAAC;IAED,iBAAiB,CAAC,OAAiC;QACjD,OAAO,IAAI,CAAC,UAAU,CAAC,iBAAiB,CAAC,OAAO,CAAC,KAAY,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;IAChF,CAAC;IAED,eAAe,CAAC,OAA+B;QAC7C,OAAO,IAAI,CAAC,UAAU,CAAC,eAAe,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IACxD,CAAC;IAED,iBAAiB,CAAC,OAAkE;QAClF,OAAO,IAAI,CAAC,UAAU,CAAC,iBAAiB,CAAC,OAAO,CAAC,KAAY,EAAE,OAAO,CAAC,aAAa,CAAC,CAAC;IACxF,CAAC;IAED,eAAe,CAAC,OAAgE;QAC9E,OAAO,IAAI,CAAC,UAAU,CAAC,eAAe,CAAC,OAAO,CAAC,KAAY,EAAE,OAAO,CAAC,iBAAiB,CAAC,CAAC;IAC1F,CAAC;IAED,gBAAgB,CAAC,OAA0E;QACzF,OAAO,IAAI,CAAC,UAAU,CAAC,gBAAgB,CAAC,OAAO,CAAC,KAAY,CAAC,CAAC;IAChE,CAAC;IAED,qBAAqB,CAAC,OAAsE;QAC1F,OAAO,IAAI,CAAC,UAAU,CAAC,qBAAqB,CAAC,OAAO,CAAC,KAAY,EAAE,OAAO,CAAC,aAAa,EAAE,OAAO,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;IAC3H,CAAC;IAED,2BAA2B,CAAC,OAA4E;QACtG,OAAO,IAAI,CAAC,UAAU,CAAC,2BAA2B,CAAC,OAAO,CAAC,KAAY,EAAE,OAAO,CAAC,YAAY,EAAE,OAAO,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAC3H,CAAC;IAED,sBAAsB,CAAC,OAAuE;QAC5F,OAAO,IAAI,CAAC,UAAU,CAAC,sBAAsB,CAAC,OAAO,CAAC,KAAY,EAAE,OAAO,CAAC,aAAa,EAAE,OAAO,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;IAC5H,CAAC;IAED,4BAA4B,CAAC,OAA6E;QACxG,OAAO,IAAI,CAAC,UAAU,CAAC,4BAA4B,CAAC,OAAO,CAAC,KAAY,EAAE,OAAO,CAAC,YAAY,EAAE,OAAO,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAC5H,CAAC;IAED,eAAe,CAAC,OAAgE;QAI9E,OAAO,IAAI,CAAC,UAAU,CAAC,eAAe,CAAC,OAAO,CAAC,KAAY,EAAE,OAAO,CAAC,aAAa,EAAE,OAAO,CAAC,YAAY,CAAC,CAAC;IAC5G,CAAC;IAED,sBAAsB,CAAC,OAAuE;QAC5F,OAAO,IAAI,CAAC,UAAU,CAAC,sBAAsB,CAAC,OAAO,CAAC,CAAC;IACzD,CAAC;IAED,+BAA+B,CAAC,KAAyC;QACvE,OAAO,IAAI,CAAC,UAAU,CAAC,+BAA+B,CAAC,KAAK,CAAC,CAAC;IAChE,CAAC;IAED,uBAAuB,CAAC,OAAwF;QAC9G,OAAO,IAAI,CAAC,UAAU,CAAC,uBAAuB,CAAC,OAAO,CAAC,CAAC;IAC1D,CAAC;IAED,aAAa,CAAC,OAAwB;QACpC,OAAO,IAAI,CAAC,UAAU,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC;IACtD,CAAC;IAED,oBAAoB,CAAC,OAAqE;QACxF,OAAO,IAAI,CAAC,UAAU,CAAC,oBAAoB,CAAC,OAAO,CAAC,KAAY,EAAE,OAAO,CAAC,UAAU,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;IAC1G,CAAC;IAED,sBAAsB,CAAC,QAA0E;QAC/F,OAAO,IAAI,CAAC,UAAU,CAAC,sBAAsB,CAAC,QAAQ,CAAC,CAAC;IAC1D,CAAC;IAED,gBAAgB,CAAC,OAAiE;QAChF,OAAO,IAAI,CAAC,UAAU,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;IACnD,CAAC;IAED,iBAAiB,CAAC,OAAkE;QAClF,OAAO,IAAI,CAAC,UAAU,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC;IACpD,CAAC;IAED,eAAe,CAAC,OAAgE;QAC9E,OAAO,IAAI,CAAC,UAAU,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;IAClD,CAAC;IAED,uBAAuB,CAAC,OAAwE;QAC9F,OAAO,IAAI,CAAC,UAAU,CAAC,uBAAuB,CAAC,OAAO,CAAC,CAAC;IAC1D,CAAC;IAED,KAAK,CAAC,mBAAmB,CAAC,OAAkC;QAC1D,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,mBAAmB,CAAC;gBACvD,QAAQ,EAAE,EAAE,KAAK,EAAE,OAAO,CAAC,QAAQ,EAAE;gBACrC,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,YAAY,EAAE,OAAO,CAAC,YAAY;gBAClC,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,OAAO,CAAC,aAAa,EAAE;gBACnD,KAAK,EAAE;oBACL,aAAa,EAAE,OAAO,CAAC,aAAa;oBACpC,SAAS,EAAE,OAAO,CAAC,KAAK,CAAC,SAAS;oBAClC,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,KAAK;oBAC1B,UAAU,EAAE,OAAO,CAAC,UAAU;oBAC9B,YAAY,EAAE,OAAO,CAAC,YAAY;iBACnC;gBACD,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,YAAY,EAAE,OAAO,CAAC,YAAY;gBAClC,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,OAAO,EAAE,OAAO,CAAC,OAAO;gBACxB,IAAI,EAAE,OAAO,CAAC,IAAI;aACnB,CAAC,CAAC;YACH,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;QAC9B,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO;gBACL,EAAE,EAAE,KAAK;gBACT,KAAK,EAAE;oBACL,IAAI,EAAG,KAAa,CAAC,IAAI,IAAI,uBAAuB;oBACpD,OAAO,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;iBAChE;aACF,CAAC;QACJ,CAAC;IACH,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,OAAiC;QACxD,IAAI,CAAC;YACH,MAAM,IAAI,GAAG;gBACX,QAAQ,EAAE,EAAE,KAAK,EAAE,OAAO,CAAC,QAAQ,EAAE;gBACrC,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,YAAY,EAAE,OAAO,CAAC,YAAY;gBAClC,KAAK,EAAE,EAAE,IAAI,EAAE,OAAgB,EAAE,EAAE,EAAE,OAAO,CAAC,aAAa,EAAE;gBAC5D,KAAK,EAAE;oBACL,aAAa,EAAE,OAAO,CAAC,aAAa;oBACpC,SAAS,EAAE,OAAO,CAAC,KAAK,CAAC,SAAS;oBAClC,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,KAAK;oBAC1B,UAAU,EAAE,OAAO,CAAC,UAAU;oBAC9B,YAAY,EAAE,OAAO,CAAC,YAAY;iBACnC;aACF,CAAC;YACF,IAAI,MAAW,CAAC;YAChB,QAAQ,OAAO,CAAC,MAAM,EAAE,CAAC;gBACvB,KAAK,cAAc;oBAAE,MAAM,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC;oBAAC,MAAM;gBACvE,KAAK,eAAe;oBAAE,MAAM,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC;oBAAC,MAAM;gBACzE,KAAK,qBAAqB;oBAAE,MAAM,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,EAAE,GAAG,IAAI,EAAE,iBAAiB,EAAE,OAAO,CAAC,iBAAiB,EAAE,CAAC,CAAC;oBAAC,MAAM;gBAClI,KAAK,cAAc;oBAAE,MAAM,GAAG,MAAM,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAC;oBAAC,MAAM;YAChF,CAAC;YACD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;QAC9B,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,IAAI,EAAG,KAAa,CAAC,IAAI,IAAI,sBAAsB,EAAE,OAAO,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC;QACxJ,CAAC;IACH,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,OAAiC;QACxD,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,EAAE,IAAI,EAAE,OAAgB,EAAE,EAAE,EAAE,OAAO,CAAC,QAAQ,IAAI,OAAO,EAAE,CAAC;YAC1E,IAAI,MAAW,CAAC;YAChB,QAAQ,OAAO,CAAC,MAAM,EAAE,CAAC;gBACvB,KAAK,aAAa;oBAAE,MAAM,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,EAAE,QAAQ,EAAE,EAAE,KAAK,EAAE,OAAO,CAAC,QAAQ,EAAE,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,OAAO,CAAC,QAAQ,IAAI,OAAO,EAAE,EAAE,UAAU,EAAE,UAAU,EAAE,YAAY,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;oBAAC,MAAM;gBACrO,KAAK,eAAe;oBAAE,MAAM,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,EAAE,QAAQ,EAAE,EAAE,KAAK,EAAE,OAAO,CAAC,QAAQ,EAAE,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,OAAO,CAAC,QAAQ,IAAI,OAAO,EAAE,EAAE,aAAa,EAAE,OAAO,CAAC,aAAa,EAAE,UAAU,EAAE,UAAU,EAAE,YAAY,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;oBAAC,MAAM;gBAC/Q,KAAK,aAAa;oBAAE,MAAM,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,EAAE,QAAQ,EAAE,EAAE,KAAK,EAAE,OAAO,CAAC,QAAQ,EAAE,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,OAAO,CAAC,QAAQ,IAAI,OAAO,EAAE,EAAE,iBAAiB,EAAE,OAAO,CAAC,UAAU,EAAE,UAAU,EAAE,UAAU,EAAE,YAAY,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;oBAAC,MAAM;gBAC5Q,KAAK,cAAc;oBAAE,MAAM,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,EAAE,QAAQ,EAAE,EAAE,KAAK,EAAE,OAAO,CAAC,QAAQ,EAAE,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,OAAO,CAAC,QAAQ,IAAI,OAAO,EAAE,EAAE,CAAC,CAAC;oBAAC,MAAM;gBACvK,KAAK,aAAa;oBAAE,MAAM,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,EAAE,QAAQ,EAAE,EAAE,KAAK,EAAE,OAAO,CAAC,QAAQ,EAAE,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,OAAO,CAAC,QAAQ,IAAI,OAAO,EAAE,EAAE,aAAa,EAAE,OAAO,CAAC,aAAa,EAAE,YAAY,EAAE,OAAO,CAAC,YAAY,EAAE,UAAU,EAAE,UAAU,EAAE,YAAY,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;oBAAC,MAAM;gBAC/S,KAAK,kBAAkB;oBAAE,MAAM,GAAG,MAAM,IAAI,CAAC,oBAAoB,CAAC,EAAE,QAAQ,EAAE,EAAE,KAAK,EAAE,OAAO,CAAC,QAAQ,EAAE,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,OAAO,CAAC,QAAQ,IAAI,OAAO,EAAE,EAAE,UAAU,EAAE,OAAO,CAAC,UAAU,EAAE,QAAQ,EAAE,OAAO,CAAC,QAAQ,EAAE,YAAY,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;oBAAC,MAAM;YACrR,CAAC;YACD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;QAC9B,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,IAAI,EAAG,KAAa,CAAC,IAAI,IAAI,sBAAsB,EAAE,OAAO,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC;QACxJ,CAAC;IACH,CAAC;CACF;AAED,MAAM,UAAU,kBAAkB,CAAC,SAAoB,EAAE,OAAsC;IAC7F,OAAO,IAAI,iBAAiB,CAAC,SAAS,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC;AAC9D,CAAC;AAED,0CAA0C;AAC1C,MAAM,CAAC,MAAM,2BAA2B,GAAG,kBAAkB,CAAC"}
|
|
@@ -14,8 +14,8 @@ export declare class AgentDispatchHttpTransport implements AgentDispatchTranspor
|
|
|
14
14
|
constructor(_url: string, _fetchImpl?: typeof fetch, _controlUrl?: string);
|
|
15
15
|
agentDispatch(request: DispatchRequest): Promise<DispatchResult>;
|
|
16
16
|
agentListGrants(request: import("../vault-core/index.js").AgentListGrantsRequest): Promise<{
|
|
17
|
-
|
|
18
|
-
|
|
17
|
+
agent_secrets: readonly AgentSecretGrant[];
|
|
18
|
+
secret_destinations: readonly SecretDestinationGrant[];
|
|
19
19
|
}>;
|
|
20
20
|
agentListSecrets(request: import("../vault-core/index.js").AgentListSecretsRequest): Promise<readonly import("../vault-core/index.js").AgentVisibleSecretRecord[]>;
|
|
21
21
|
agentListRequests(request: import("../vault-core/index.js").AgentListRequestsRequest): Promise<readonly import("../vault-core/index.js").AgentVisibleRequestRecord[]>;
|
|
@@ -16,13 +16,13 @@ export class AgentDispatchHttpTransport {
|
|
|
16
16
|
}
|
|
17
17
|
async agentDispatch(request) {
|
|
18
18
|
const remoteRequest = {
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
19
|
+
vault_id: request.vault_id.value,
|
|
20
|
+
request_id: request.request_id,
|
|
21
|
+
requested_at: request.requested_at,
|
|
22
|
+
root_agent_id: request.agent.id,
|
|
23
23
|
reason: request.reason,
|
|
24
|
-
|
|
25
|
-
|
|
24
|
+
secret_alias: request.secret_alias,
|
|
25
|
+
target_url: request.target_url,
|
|
26
26
|
method: request.method,
|
|
27
27
|
headers: request.headers,
|
|
28
28
|
body: request.body,
|
|
@@ -51,10 +51,10 @@ export class AgentDispatchHttpTransport {
|
|
|
51
51
|
async agentListGrants(request) {
|
|
52
52
|
const payload = await this._postControl({
|
|
53
53
|
action: "list_grants",
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
54
|
+
vault_id: request.vault_id.value,
|
|
55
|
+
request_id: request.request_id,
|
|
56
|
+
requested_at: request.requested_at,
|
|
57
|
+
root_agent_id: request.agent.id,
|
|
58
58
|
proof: { token: request.proof.token },
|
|
59
59
|
});
|
|
60
60
|
return payload;
|
|
@@ -62,10 +62,10 @@ export class AgentDispatchHttpTransport {
|
|
|
62
62
|
async agentListSecrets(request) {
|
|
63
63
|
const payload = await this._postControl({
|
|
64
64
|
action: "list_secrets",
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
65
|
+
vault_id: request.vault_id.value,
|
|
66
|
+
request_id: request.request_id,
|
|
67
|
+
requested_at: request.requested_at,
|
|
68
|
+
root_agent_id: request.agent.id,
|
|
69
69
|
proof: { token: request.proof.token },
|
|
70
70
|
});
|
|
71
71
|
return payload;
|
|
@@ -73,10 +73,10 @@ export class AgentDispatchHttpTransport {
|
|
|
73
73
|
async agentListRequests(request) {
|
|
74
74
|
const payload = await this._postControl({
|
|
75
75
|
action: "list_requests",
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
76
|
+
vault_id: request.vault_id.value,
|
|
77
|
+
request_id: request.request_id,
|
|
78
|
+
requested_at: request.requested_at,
|
|
79
|
+
root_agent_id: request.agent.id,
|
|
80
80
|
proof: { token: request.proof.token },
|
|
81
81
|
});
|
|
82
82
|
return payload;
|
|
@@ -84,11 +84,11 @@ export class AgentDispatchHttpTransport {
|
|
|
84
84
|
async agentGetRequest(request) {
|
|
85
85
|
const payload = await this._postControl({
|
|
86
86
|
action: "read_request_result",
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
87
|
+
vault_id: request.vault_id.value,
|
|
88
|
+
request_id: request.request_id,
|
|
89
|
+
requested_at: request.requested_at,
|
|
90
|
+
target_request_id: request.target_request_id,
|
|
91
|
+
root_agent_id: request.agent.id,
|
|
92
92
|
proof: { token: request.proof.token },
|
|
93
93
|
});
|
|
94
94
|
return payload;
|
|
@@ -96,10 +96,10 @@ export class AgentDispatchHttpTransport {
|
|
|
96
96
|
async agentGetRuntimeManifest(request) {
|
|
97
97
|
const payload = await this._postControl({
|
|
98
98
|
action: "get_manifest",
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
99
|
+
vault_id: request.vault_id.value,
|
|
100
|
+
request_id: request.request_id,
|
|
101
|
+
requested_at: request.requested_at,
|
|
102
|
+
root_agent_id: request.agent.id,
|
|
103
103
|
proof: { token: request.proof.token },
|
|
104
104
|
});
|
|
105
105
|
return payload;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"remote-transport.js","sourceRoot":"","sources":["../../src/vault-ingress/remote-transport.ts"],"names":[],"mappings":"AAIA;;;GAGG;AACH;;GAEG;AACH,MAAM,OAAO,0BAA0B;IAElB;IACA;IACA;IAHnB,YACmB,IAAY,EACZ,aAA2B,KAAK,EAChC,cAAsB,IAAI,GAAG,CAAC,iBAAiB,EAAE,IAAI,CAAC,CAAC,QAAQ,EAAE;QAFjE,SAAI,GAAJ,IAAI,CAAQ;QACZ,eAAU,GAAV,UAAU,CAAsB;QAChC,gBAAW,GAAX,WAAW,CAAsD;IACjF,CAAC;IAEJ,KAAK,CAAC,aAAa,CAAC,OAAwB;QAC1C,MAAM,aAAa,GAA8B;YAC/C,
|
|
1
|
+
{"version":3,"file":"remote-transport.js","sourceRoot":"","sources":["../../src/vault-ingress/remote-transport.ts"],"names":[],"mappings":"AAIA;;;GAGG;AACH;;GAEG;AACH,MAAM,OAAO,0BAA0B;IAElB;IACA;IACA;IAHnB,YACmB,IAAY,EACZ,aAA2B,KAAK,EAChC,cAAsB,IAAI,GAAG,CAAC,iBAAiB,EAAE,IAAI,CAAC,CAAC,QAAQ,EAAE;QAFjE,SAAI,GAAJ,IAAI,CAAQ;QACZ,eAAU,GAAV,UAAU,CAAsB;QAChC,gBAAW,GAAX,WAAW,CAAsD;IACjF,CAAC;IAEJ,KAAK,CAAC,aAAa,CAAC,OAAwB;QAC1C,MAAM,aAAa,GAA8B;YAC/C,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC,KAAK;YAChC,UAAU,EAAE,OAAO,CAAC,UAAU;YAC9B,YAAY,EAAE,OAAO,CAAC,YAAY;YAClC,aAAa,EAAE,OAAO,CAAC,KAAK,CAAC,EAAE;YAC/B,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,YAAY,EAAE,OAAO,CAAC,YAAY;YAClC,UAAU,EAAE,OAAO,CAAC,UAAU;YAC9B,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,KAAK,EAAE;gBACL,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,KAAK;aAC3B;SACF,CAAC;QAEF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE;YAChD,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;aACnC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC;SACpC,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,sCAAsC,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC;QAClG,CAAC;QAED,MAAM,OAAO,GAAiE,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACpG,IAAI,CAAC,OAAO,CAAC,EAAE,EAAE,CAAC;YAChB,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,KAAK,OAAO,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YAC1E,KAAa,CAAC,IAAI,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC;YACzC,MAAM,KAAK,CAAC;QACd,CAAC;QAED,OAAO,OAAO,CAAC,MAAM,CAAC;IACxB,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,OAAgE;QACpF,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC;YACtC,MAAM,EAAE,aAAa;YACrB,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC,KAAK;YAChC,UAAU,EAAE,OAAO,CAAC,UAAU;YAC9B,YAAY,EAAE,OAAO,CAAC,YAAY;YAClC,aAAa,EAAE,OAAO,CAAC,KAAK,CAAC,EAAE;YAC/B,KAAK,EAAE,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE;SACtC,CAAC,CAAC;QACH,OAAO,OAAiH,CAAC;IAC3H,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,OAAiE;QACtF,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC;YACtC,MAAM,EAAE,cAAc;YACtB,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC,KAAK;YAChC,UAAU,EAAE,OAAO,CAAC,UAAU;YAC9B,YAAY,EAAE,OAAO,CAAC,YAAY;YAClC,aAAa,EAAE,OAAO,CAAC,KAAK,CAAC,EAAE;YAC/B,KAAK,EAAE,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE;SACtC,CAAC,CAAC;QACH,OAAO,OAA+E,CAAC;IACzF,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,OAAkE;QACxF,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC;YACtC,MAAM,EAAE,eAAe;YACvB,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC,KAAK;YAChC,UAAU,EAAE,OAAO,CAAC,UAAU;YAC9B,YAAY,EAAE,OAAO,CAAC,YAAY;YAClC,aAAa,EAAE,OAAO,CAAC,KAAK,CAAC,EAAE;YAC/B,KAAK,EAAE,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE;SACtC,CAAC,CAAC;QACH,OAAO,OAAgF,CAAC;IAC1F,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,OAAgE;QACpF,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC;YACtC,MAAM,EAAE,qBAAqB;YAC7B,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC,KAAK;YAChC,UAAU,EAAE,OAAO,CAAC,UAAU;YAC9B,YAAY,EAAE,OAAO,CAAC,YAAY;YAClC,iBAAiB,EAAE,OAAO,CAAC,iBAAiB;YAC5C,aAAa,EAAE,OAAO,CAAC,KAAK,CAAC,EAAE;YAC/B,KAAK,EAAE,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE;SACtC,CAAC,CAAC;QACH,OAAO,OAA8D,CAAC;IACxE,CAAC;IAED,KAAK,CAAC,uBAAuB,CAAC,OAAwE;QACpG,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC;YACtC,MAAM,EAAE,cAAc;YACtB,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC,KAAK;YAChC,UAAU,EAAE,OAAO,CAAC,UAAU;YAC9B,YAAY,EAAE,OAAO,CAAC,YAAY;YAClC,aAAa,EAAE,OAAO,CAAC,KAAK,CAAC,EAAE;YAC/B,KAAK,EAAE,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE;SACtC,CAAC,CAAC;QACH,OAAO,OAAgE,CAAC;IAC1E,CAAC;IAEO,KAAK,CAAC,YAAY,CAAC,IAAa;QACtC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,WAAW,EAAE;YACvD,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;aACnC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;SAC3B,CAAC,CAAC;QACH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,sCAAsC,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC;QAClG,CAAC;QACD,MAAM,OAAO,GAAyG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QAC5I,IAAI,CAAC,OAAO,CAAC,EAAE,EAAE,CAAC;YAChB,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,KAAK,OAAO,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YAC1E,KAAa,CAAC,IAAI,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC;YACzC,MAAM,KAAK,CAAC;QACd,CAAC;QACD,OAAO,OAAO,CAAC,MAAM,CAAC;IACxB,CAAC;CACF"}
|
package/docs/ARCHITECTURE.md
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
# Architecture (v1.65.1)
|
|
2
2
|
|
|
3
|
-
The cbio runtime follows a **
|
|
3
|
+
The cbio runtime follows a **Vault** architecture: a unified, authority-centric model where security is grounded in proof-of-knowledge (passwords) rather than external identity hierarchies.
|
|
4
4
|
|
|
5
5
|
## Core Principles
|
|
6
6
|
|
package/docs/CUSTODY_MODEL.md
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
# Custody Model (v1.47.0)
|
|
2
2
|
|
|
3
|
-
This document defines the **
|
|
3
|
+
This document defines the **Vault** custody model for the local vault runtime.
|
|
4
4
|
|
|
5
5
|
## Scope
|
|
6
6
|
|
|
@@ -37,10 +37,10 @@ The runtime enforces a hard process boundary (A/B Architecture):
|
|
|
37
37
|
|
|
38
38
|
## Export / Reveal Policy
|
|
39
39
|
|
|
40
|
-
Exporting secret plaintext is a first-class grant of the
|
|
40
|
+
Exporting secret plaintext is a first-class grant of the Vault.
|
|
41
41
|
- `exportSecret(...)` is a valid, audited administrative operation.
|
|
42
42
|
- Requires the vault to be in an unlocked (operational) state.
|
|
43
43
|
|
|
44
44
|
## Conclusion
|
|
45
45
|
|
|
46
|
-
The
|
|
46
|
+
The Vault model prioritizes **Ease of Use** and **Security through Isolation**. By moving away from complex external identity hierarchies, it provides a stable, "password-manager" style experience for automated agency.
|
package/docs/IDENTITY_MODEL.md
CHANGED
|
@@ -1,10 +1,10 @@
|
|
|
1
1
|
# Identity Model (v1.47.2)
|
|
2
2
|
|
|
3
|
-
This document defines the identity model for the **
|
|
3
|
+
This document defines the identity model for the **Vault**.
|
|
4
4
|
|
|
5
5
|
## Principle: Authority, Not Identity
|
|
6
6
|
|
|
7
|
-
The
|
|
7
|
+
The Vault model simplifies the relationship between actors and the vault:
|
|
8
8
|
|
|
9
9
|
1. **Administrator (Owner)**: Authority is rooted in **knowledge of the master password**. There is no pre-registered `OwnerIdentity`. If you can unlock the vault, you are the master.
|
|
10
10
|
2. **Delegates (Agents)**: Identities authorized by the master to perform specific tasks.
|
|
@@ -38,9 +38,9 @@ All administrative operations performed by the password-holder are recorded unde
|
|
|
38
38
|
|
|
39
39
|
## What was Removed
|
|
40
40
|
|
|
41
|
-
To achieve the
|
|
41
|
+
To achieve the Vault's simplicity, the following legacy concepts were removed:
|
|
42
42
|
- **Child Identities**: Deterministic derivation of keys from a parent identity is no longer supported. Use **Managed Identities** instead.
|
|
43
|
-
- **Identity-Private Vaults**: Every identity used to have its own encrypted "mini-vault". This has been replaced by the unified storage of the
|
|
43
|
+
- **Identity-Private Vaults**: Every identity used to have its own encrypted "mini-vault". This has been replaced by the unified storage of the Vault.
|
|
44
44
|
|
|
45
45
|
## Relationship Summary
|
|
46
46
|
|
package/docs/REFERENCE.md
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
# CBIO Vault Runtime Reference (v1.65.
|
|
1
|
+
# CBIO Vault Runtime Reference (v1.65.2)
|
|
2
2
|
|
|
3
|
-
This document describes the current implemented runtime surface for the **
|
|
3
|
+
This document describes the current implemented runtime surface for the **Vault**.
|
|
4
4
|
|
|
5
5
|
## Primary API Surface
|
|
6
6
|
|
|
@@ -15,6 +15,31 @@ The v1.65.1 runtime centers on a streamlined **Grant-based** authorization model
|
|
|
15
15
|
|
|
16
16
|
## Identity and Access Control
|
|
17
17
|
|
|
18
|
+
## Identity and Access Control
|
|
19
|
+
|
|
20
|
+
### 0. Secret Management
|
|
21
|
+
|
|
22
|
+
Alias namespaces are **globally unique** within a Vault. Secrets are managed with strict, predictable semantics:
|
|
23
|
+
|
|
24
|
+
| Method | Must already exist? | If duplicate alias? | Batch support? |
|
|
25
|
+
|---|---|---|---|
|
|
26
|
+
| `ownerCreateSecret` | No (must be new) | ❌ throws `VAULT_ALIAS_ALREADY_EXISTS` | ✅ Atomic |
|
|
27
|
+
| `ownerUpdateSecret` | Yes (must exist) | N/A | ✅ Atomic |
|
|
28
|
+
| `ownerRemoveSecret` | Yes (must exist) | N/A | No |
|
|
29
|
+
|
|
30
|
+
**Batch atomicity**: When an array is passed, all preconditions are verified first. If any check fails, nothing is written.
|
|
31
|
+
|
|
32
|
+
```ts
|
|
33
|
+
// Single
|
|
34
|
+
await client.ownerCreateSecret({ alias: 'key', plaintext: '...' });
|
|
35
|
+
|
|
36
|
+
// Batch — atomic: all-or-nothing
|
|
37
|
+
await client.ownerCreateSecret([
|
|
38
|
+
{ alias: 'key-a', plaintext: '...' },
|
|
39
|
+
{ alias: 'key-b', plaintext: '...' },
|
|
40
|
+
]);
|
|
41
|
+
```
|
|
42
|
+
|
|
18
43
|
### 1. Agent Identities
|
|
19
44
|
- `ownerCreateAgent(...)`: Provision a new agent identity and return a session token.
|
|
20
45
|
- `ownerListAgents()`: Enumerate all registered agents.
|
package/docs/api/README.md
CHANGED
|
@@ -1,13 +1,12 @@
|
|
|
1
|
-
**CBIO Node Runtime Agent API v1.
|
|
1
|
+
**CBIO Node Runtime Agent API v1.64.0**
|
|
2
2
|
|
|
3
3
|
***
|
|
4
4
|
|
|
5
|
-
# CBIO Node Runtime Agent API v1.
|
|
5
|
+
# CBIO Node Runtime Agent API v1.64.0
|
|
6
6
|
|
|
7
7
|
## Enumerations
|
|
8
8
|
|
|
9
|
-
- [
|
|
10
|
-
- [AuditOutcome](enumerations/AuditOutcome.md)
|
|
9
|
+
- [AuditOperation](enumerations/AuditOperation.md)
|
|
11
10
|
- [DispatchStatus](enumerations/DispatchStatus.md)
|
|
12
11
|
- [IdentityErrorCode](enumerations/IdentityErrorCode.md)
|
|
13
12
|
- [OwnerClientErrorCode](enumerations/OwnerClientErrorCode.md)
|